Oracle to Patch 14 Security Flaws in Java SE

Oracle has said that it would deliver 14 patches on Tuesday, in order to address serious security problems with the Java platform.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” an advisory states.

The critical patches will apply to systems running JRE and JDK versions 5.0 (Update 35 and earlier), 6.0 (Update 32 and earlier), and 7.0 (Update 4 and earlier). The update also applies to SDK and JRE version 1.4.2_37 and earlier, as well as JavaFX 2.1.

It’s worth mentioning that at least one patch has earned a CVSS score of 10, meaning it has the highest level of importance. Of the 14 patches to be released, 12 address vulnerabilities that are remotely exploitable without any authentication.

Based on Oracle’s information, several of the patches address issues within JRE, a commonly targeted component in Java itself.

It goes without saying that the patches should be applied immediately, but the best bet is that if Java isn’t used or needed, it shouldn’t be installed in the first place.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.